Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240319-en -
resource tags
arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system -
submitted
28/03/2024, 01:58
Static task
static1
Behavioral task
behavioral1
Sample
f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3.exe
Resource
win10v2004-20240319-en
General
-
Target
f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3.exe
-
Size
816KB
-
MD5
c24c2de0d561468e37b4b3283dc291b7
-
SHA1
d25d4a43661c5046b41a4d99fb471c6cd5916983
-
SHA256
f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3
-
SHA512
75c1fb74e08cee1368ce4d034f9c2f8739ebed21296d3a14c6b3b80408a2a09bcbc0ce7aee844a4a10df07ca90491fc233ca7bbd2db0a962962d799990db52c5
-
SSDEEP
24576:IY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9R:V3XZynV4oDabuWbDQOcIxJJ9R
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 4496 1C0C0D0A120C156C155B15B0A0A160A0B160B.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
pid Process 776 f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3.exe 4496 1C0C0D0A120C156C155B15B0A0A160A0B160B.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 776 wrote to memory of 4496 776 f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3.exe 94 PID 776 wrote to memory of 4496 776 f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3.exe 94 PID 776 wrote to memory of 4496 776 f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3.exe 94
Processes
-
C:\Users\Admin\AppData\Local\Temp\f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3.exe"C:\Users\Admin\AppData\Local\Temp\f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:776 -
C:\Users\Admin\AppData\Local\Temp\1C0C0D0A120C156C155B15B0A0A160A0B160B.exeC:\Users\Admin\AppData\Local\Temp\1C0C0D0A120C156C155B15B0A0A160A0B160B.exe2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:4496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2320,i,3025503729105798828,9325691672526736153,262144 --variations-seed-version /prefetch:81⤵PID:4484
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
816KB
MD5d4fb0300abcbda12f299b9a78e9ed506
SHA167ffd49083c0e2291ab35a1b1daef0f2e0cd8be3
SHA256beac9b00272cd5e2db189da18508f3bc53941bfb7044456f0d53e678a6b03672
SHA512ac693b8bbb2de5f6c76570d69b0088a9519c6fdfc15334470734b55e506d0fe137701b92a1b519278ae27edc3ee86d32096969e454a510307a06ae312207faf5